[kafka-ui chart] Add extra podLabels and ingress/egress custom rules (#1160)

* [kafka-ui chart] Make it possible to declare custom podLabels

Make it possible to declare extra labels for the Kafka-UI pod.

Signed-off-by: Davide Madrisan <davide.madrisan@gmail.com>

* [kafka-ui chart] Add support for egress/ingress custom rules

* [kafka-ui chart] Fix the warning: cannot overwrite table with non table

Fix the warnings displayed by helm template:

   coalesce.go:200: warning: cannot overwrite table with non table for customRules (map[])
   coalesce.go:200: warning: cannot overwrite table with non table for customRules (map[])

.gitignore

@@ -37,6 +37,5 @@ build/
 
 *.tar.gz
 *.tgz
-**/charts/
 
 /docker/*.override.yaml

charts/kafka-ui/Chart.yaml

@@ -2,6 +2,6 @@ apiVersion: v2
 name: kafka-ui
 description: A Helm chart for kafka-UI
 type: application
-version: 0.0.1
+version: 0.0.2
 appVersion: latest
 icon: https://github.com/provectus/kafka-ui/raw/master/images/kafka-ui-logo.png

charts/kafka-ui/README.md

@@ -1,22 +1,31 @@
 # Kafka-UI Helm Chart
+
 ## Configuration
+
 Most of the Helm charts parameters are common, follow table describe unique parameters related to application configuration.
+
 ### Kafka-UI parameters
+
 | Parameter| Description| Default|
 |---|---|---|
 | `existingConfigMap`| Name of the existing ConfigMap with Kafka-UI environment variables | `nil`|
 | `existingSecret`| Name of the existing Secret with Kafka-UI environment variables| `nil`|
 | `envs.secret`| Set of the sensitive environment variables to pass to Kafka-UI | `{}`|
 | `envs.config`| Set of the environment variables to pass to Kafka-UI | `{}`|
+| `networkPolicy.enabled` | Enable network policies | `false`|
+| `networkPolicy.egressRules.customRules` | Custom network egress policy rules | `[]`|
+| `networkPolicy.ingressRules.customRules` | Custom network ingress policy rules | `[]`|
+| `podLabels` | Extra labels for Kafka-UI pod | `{}`|
 
 ## Example
+
 To install Kafka-UI need to execute follow:
 ``` bash
 helm repo add kafka-ui https://provectus.github.io/kafka-ui
 helm install kafka-ui kafka-ui/kafka-ui --set envs.config.KAFKA_CLUSTERS_0_NAME=local --set envs.config.KAFKA_CLUSTERS_0_BOOTSTRAPSERVERS=kafka:9092
-``` 
+```
 To connect to Kafka-UI web application need to execute:
 ``` bash
 kubectl port-forward svc/kafka-ui 8080:80
 ```
-Open the `http://127.0.0.1:8080` on the browser to access Kafka-UI.
+Open the `http://127.0.0.1:8080` on the browser to access Kafka-UI.

charts/kafka-ui/templates/deployment.yaml

@@ -21,6 +21,9 @@ spec:
         checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
       labels:
         {{- include "kafka-ui.selectorLabels" . | nindent 8 }}
+        {{- if .Values.podLabels }}
+        {{- toYaml .Values.podLabels | nindent 8 }}
+        {{- end }}
     spec:
       {{- with .Values.imagePullSecrets }}
       imagePullSecrets:

charts/kafka-ui/templates/networkpolicy-egress.yaml

@@ -0,0 +1,18 @@
+{{- if and .Values.networkPolicy.enabled .Values.networkPolicy.egressRules.customRules }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: {{ printf "%s-egress" (include "kafka-ui.fullname" .) }}
+  labels:
+    {{- include "kafka-ui.labels" . | nindent 4 }}
+spec:
+  podSelector:
+    matchLabels:
+      {{- include "kafka-ui.selectorLabels" . | nindent 6 }}
+  policyTypes:
+    - Egress
+  egress:
+    {{- if .Values.networkPolicy.egressRules.customRules }}
+    {{- toYaml .Values.networkPolicy.egressRules.customRules | nindent 4 }}
+    {{- end }}
+{{- end }}

charts/kafka-ui/templates/networkpolicy-ingress.yaml

@@ -0,0 +1,18 @@
+{{- if and .Values.networkPolicy.enabled .Values.networkPolicy.ingressRules.customRules }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: {{ printf "%s-ingress" (include "kafka-ui.fullname" .) }}
+  labels:
+    {{- include "kafka-ui.labels" . | nindent 4 }}
+spec:
+  podSelector:
+    matchLabels:
+      {{- include "kafka-ui.selectorLabels" . | nindent 6 }}
+  policyTypes:
+    - Ingress
+  ingress:
+    {{- if .Values.networkPolicy.ingressRules.customRules }}
+    {{- toYaml .Values.networkPolicy.ingressRules.customRules | nindent 4 }}
+    {{- end }}
+{{- end }}

charts/kafka-ui/values.yaml

@@ -25,7 +25,29 @@ envs:
   secret: {}
   config: {}
 
+networkPolicy:
+  enabled: false
+  egressRules:
+    ## Additional custom egress rules
+    ## e.g:
+    ## customRules:
+    ##   - to:
+    ##       - namespaceSelector:
+    ##           matchLabels:
+    ##             label: example
+    customRules: []
+  ingressRules:
+    ## Additional custom ingress rules
+    ## e.g:
+    ## customRules:
+    ##   - from:
+    ##       - namespaceSelector:
+    ##           matchLabels:
+    ##             label: example
+    customRules: []
+
 podAnnotations: {}
+podLabels: {}
 
 podSecurityContext: {}
   # fsGroup: 2000